protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var user = (Person)httpContext.Session["USER_DTO"];
if (user != null)
{
using (var context = new StudentManagementDBContext())
{
string userRole = user.Discriminator;
foreach (var role in allowedroles)
{
if (role == userRole)
{
return(true);
}
}
}
}
return(false);
}